Doug Bonderud

Doug Bonderud is a freelance writer passionate about the evolution of technology and its impact on companies, stakeholders and end-users alike. Want to know more? Follow Doug on Twitter.
Posts by Doug Bonderud

Security and Development: 90 Degrees Distant?

September 21, 2015  | Secure Development

In many organizations, IT security and development teams have very different mandates. For example, according to the SANS Institute's 2015 State of Application Security: Closing the Gap, while software builders focus on lowering their time to market and feature lists, application defenders worry about fully identifying all apps in their corporate portfolios to effectively address security... READ MORE

4 Barriers to Effectively Overseeing Third-Party Vendor Security

September 17, 2015

Corporate cybersecurity risk is drawing federal attention: According to the Wall Street Journal, the US Securities and Exchange Commission now mandates that companies report "cybersecurity risks that could affect the business or its registrants materially" on their 10-K statements. The SEC wants businesses to err on the side of full disclosure, but for many organizations, even... READ MORE

Shadow IT: The Costs of Coloring Outside the Lines

September 16, 2015

The cloud. Mobile devices. High-availability networks. These and other technological advances have empowered users to work with greater efficiency and with lower spend, but they come with an unintended side effect: the consumerization of IT. Where employees once leaned on IT admins to troubleshoot any problems or install new software, they're now able to perform the same tasks via easy-to-use... READ MORE

Supply-Chain Risk Management: 4 Tips to Tackle the Elephant in the Room

August 31, 2015  | Managing AppSec

Most companies don't want to talk about their supply chains and risk management in the same sentence, let alone bring this topic to the boardroom. Why? Because, as a recent Harvard Business Review (HBR) article points out, "suppliers tend to be optimistic about the information they provide," while companies looking to bolster their bottom lines without breaking the budget are often... READ MORE

For CISO Evolution, the Three Cs Are Key

August 4, 2015  | Managing AppSec

Data breaches are on the rise. According to a recent Forbes article, more than 675 million records were compromised last year. What's more, these breaches weren't limited to a single sector: retail, financial and even post-secondary institutions were all victimized. That means IT security must evolve, and that evolution starts with the Chief Information Security Officer (CISO). In a new... READ MORE

Gartner Report Details the Value of Security Programs and Creating an Executive Link

July 29, 2015  | Managing AppSec

Cybersecurity is now a top priority for board members. According to Help Net Security's report on a recent NYSE Governance Services/Veracode survey, over 80 percent of respondents said security was discussed at "most or all" boardroom meetings. But there's a disconnect: Sixty-six percent of those surveyed said they were "not fully confident their companies are properly... READ MORE

Airline Security Threats: When Proof of Concept Goes Off Course

July 10, 2015

Discovering vulnerabilities is an essential part of effective security testing; companies pay good money for services to accomplish this goal with rigor and precision. Many enterprises now offer "bug bounties" to encourage white-hat hackers to deliberately penetrate systems and then report the results. One such independent security researcher is Chris Roberts, a cybersecurity consultant... READ MORE

DevOps: The Rise of Subtle Security

July 8, 2015

What's in a name? If you're talking about the emerging idea of DevOps, then there's an easy answer: everything. As noted by Forbes, there's no single definition of the term; however, according to Adam Jacob, CTO of Chef Software, "DevOps is the experience of people who are using it to transform their businesses." In other words, the name means different things to... READ MORE

Threat Profile: Cross-Site Request Forgery

June 30, 2015

What is Cross-Site Request Forgery (CSRF)? More importantly, how can your business take action against it? Here's everything you need to know about this threat, its potential impact and your best defense. Cross-Site Basics CSRF attacks are listed among the OWASP Top 10, but they are often overlooked in favor of Cross-Site Scripting (XSS) vulnerabilities, advanced malware or inherent software... READ MORE

Is Executive Communication the New CISO Challenge?

June 29, 2015

CISOs play a critical role keeping a company's most critical asset — data — safe from both internal and external threats. But they're now tasked with the job of mastering executive communication, so they can both engage other C-suite members and give them a practical understanding of cybersecurity risk. As noted by CIO, "tension" between the CISO and other members of... READ MORE
